Director of Cybersecurity and Infrastructure

Issued By: Critical Path Security, LLC
Contact: LJ Campbell, CEO
Critical Path Security | Kennesaw, GA

About Critical Path Security

Critical Path Security is a human-led cybersecurity services company delivering managed security operations, incident response, and advisory support for organizations that need trusted execution across IT and OT environments. We combine experienced analysts, real-world response expertise, and purpose-built visibility and detection capabilities to identify what matters, investigate quickly, and help clients act with confidence.

More than a monitoring vendor, we operate as an extension of our clients' teams. From managed SOC and incident response to penetration testing, vCISO leadership, compliance support, and security awareness, we help organizations protecting critical infrastructure strengthen resilience and reduce real-world risk.

The Role

Location: Kennesaw, GA (in-office)
Type: Full-time
Reports To: CEO
Target Start: Q2 2026

You will own three things at Critical Path Security:

• The senior tier of our managed security operations. Tier 3 escalation authority for client investigations and confirmed compromises, incident response leadership, SOC quality standards, and client-facing incident communication.
• The internal infrastructure that runs our SOC. Virtualization, networking, storage, backups, identity, and the security tooling stack (SIEM, EDR, SOAR) our analysts rely on every shift.
• Executive security advisory for select clients. vCISO engagements, GRC leadership, board-level security communication, and program guidance for the organizations that need a senior voice in the room.

Alongside all three, you will mentor the technical team, drive process improvement across the SOC, and lead the automation and AI-enablement work that makes the entire operation more effective.

Responsibilities

Security Operations (Primary)
• Serve as Tier 3 escalation authority for high-severity incidents and confirmed compromises across the CPS client portfolio
• Lead major incident response: containment, eradication, root cause analysis, and executive-level client communication
• Set SOC quality standards for triage rigor, documentation, handoff discipline, and client-facing incident reporting
• Own SOC detection and threat hunting strategy: review coverage, prioritize detection engineering work, ensure continuous improvement
• Act as the senior technical voice for client stakeholders on security posture, incident findings, and ongoing risk

vCISO, GRC & Client Advisory
• Serve as vCISO for select CPS clients -- deliver strategic security leadership, program guidance, and executive and board-level communication as an extension of the client's leadership team
• Own governance, risk, and compliance (GRC) advisory for vCISO clients: policy frameworks, control frameworks (NIST CSF, CIS, ISO 27001), regulatory posture (HIPAA, PCI, NERC CIP where applicable), risk registers, and audit readiness
• Translate technical risk into business language for client executives and, when engaged, their boards
• Partner with account leads to shape security roadmaps, policy frameworks, and compliance posture for vCISO clients
• Own the quality bar for CPS's vCISO and GRC deliverables: assessments, roadmaps, board reports, executive briefings, and compliance attestations

Security Engineering & Infrastructure
• Own the internal infrastructure that underpins CPS SOC operations: virtualization (Proxmox), networking, storage, backups, identity, and the security tooling stack (SIEM, EDR, SOAR)
• Lead break-fix triage and recovery for production-impacting infrastructure failures; serve as the top of the on-call escalation tree
• Define and enforce infrastructure standards: patch cadence, hardening baselines, configuration management, and documented recovery paths
• Evaluate and recommend infrastructure investments: tooling upgrades, platform migrations, and capacity planning
• Drive detection engineering and automation work: SIEM rule development, SOAR playbooks, Python/scripting automation across SOC workflows

Team Leadership & AI Enablement
• Mentor and develop senior SOC analysts and security engineers; raise the operational discipline of the entire technical team
• Drive AI adoption across SOC workflows -- detection engineering, investigation, documentation, client reporting -- so the team moves faster without sacrificing rigor
• Serve as a senior technical voice on client calls, incident briefings, and executive-level conversations
• Partner with the VP of Operations on SOC process improvement and team performance

What You Bring (Required)

Dual-domain background: 15+ years hands-on experience spanning both security engineering (IR, threat hunting, SIEM/EDR, detection engineering) and infrastructure (virtualization, networking, storage). Not one domain with exposure to the other -- genuine depth in both.

Incident leadership: Has led end-to-end incident response for confirmed compromises. Can speak to specific incidents owned from first alert through post-incident reporting.

Infrastructure recovery under pressure: Has personally recovered a production environment from a critical failure at the virtualization, networking, or storage layer. Hands-on operator, not a manager of operators.

vCISO or executive security advisory: Has served as a fractional or virtual CISO, or the equivalent executive security advisor, for one or more organizations. Comfortable in boardrooms and executive sessions.

GRC fluency: Working knowledge of at least two major control frameworks (NIST CSF, CIS Controls, ISO 27001, HIPAA, PCI-DSS, NERC CIP, or equivalent). Has advised a client or organization on policy, risk register, or audit readiness.

AI literacy: Comfortable integrating AI tools into security operations and advisory workflows. Understands where LLMs and AI-augmented tooling help analysts and advisors move faster without compromising rigor. Actively experimenting with AI in daily work.

Team building: Has hired, developed, and retained technical staff in a services or operations environment.

Client-facing maturity: Has been the senior technical voice in client-facing meetings, incident briefings, or executive conversations. Credible to senior customer stakeholders without oversimplifying or drowning people in jargon.

On-call operating experience: Comfortable at the top of an on-call escalation tree. Knows how to run a rotation without burning the team out.

Communication: Strong written communication for client-facing deliverables and internal documentation. Closes loops.

Preferred:
• Prior MSSP, MDR, or IT services experience (multi-tenant operations, SLA management, client reporting cadences)
• Hands-on experience with Proxmox, KVM, or other open virtualization stacks
• Experience with Elastic/ELK, Suricata, Zeek, or similar detection tooling
• OT/ICS security exposure (SCADA, Modbus, DNP3, Purdue Model, passive monitoring)
• Python or automation/scripting background for SOC workflows
• CISSP, CISM, CISA, or equivalent senior security credential

What We Offer

Benefits: Health insurance, PTO, standard benefits package
Work Model: In-office, Kennesaw, GA
Impact: Direct reporting line to the CEO. Senior authority over security operations, engineering, and advisory from day one.
Mission: Protect critical infrastructure from real-world cyber threats.

Critical Path Security is an equal opportunity employer. We welcome applications from all backgrounds and are committed to building a diverse, high-performing team.